Missing Secure Attribute in Encrypted Session (SSL) Cookie - Wildfly10

jboss234 Sep 11, 2017 1:33 PM

How to apply AppScan security fix Missing Secure Attribute in Encrypted Session (SSL) Cookie for Wildfly 10.

I tried to Add the 'Secure' attribute to all sensitive cookies and for that I have added <session-cookie http-only="true" secure="true"/> under <servlet-container name="default"> in standalone.xml

After restarting Wildfly I am getting below pop up (Session Error message) while accessing application,

Thanks,

1. Re: Missing Secure Attribute in Encrypted Session (SSL) Cookie - Wildfly10

jaikiran Sep 12, 2017 12:51 AM (in response to jboss234)

You will have to check that application code first to see what and why is showing up that alert box. WildFly server itself doesn't show up any client side pop-ups like that one while accessing applications that are deployed on the server.
Actions